Microsoft OAuth Sign-in

​

Request

​

Path Parameters

​

Response

​

200 OK - Successful sign-in

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "_id": "64b7f1a2e4b0a5d3f9c12345",
    "emails": "[email protected]",
    "role": "user"
  },
  "profilePicture": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQ..."
}

​

400 Bad Request

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid authorization code"
  }
}

​

500 Internal Server Error

{
  "error": {
    "code": "SERVER_ERROR",
    "message": "Internal server error"
  }
}

​

Example

curl -X GET 'http://localhost:2000/auth/signin/microsoft/M.R3_BAY.4a8b9c...'

​

Notes

• The authorization code must be obtained from Microsoft’s OAuth 2.0 flow
• If the user doesn’t exist in the system, a new user account will be created
• The returned token should be stored securely and used for subsequent authenticated requests
• The profile picture may be returned as base64 data or a URL depending on implementation
• Token expiration time is typically 24 hours

​

OAuth Flow

1. Redirect user to Microsoft’s OAuth consent screen
2. User authorizes the application
3. Microsoft redirects back with authorization code
4. Exchange the code for access token and user profile using this endpoint